Okta vulnerability allowed accounts with long usernames to log in without a password

Okta has revealed that its system had a vulnerability that allowed people to log in without having to provide the correct password.

Okta bypassed password authentication if the account had a username that had 52 or more characters.

The company has admitted that the vulnerability was introduced as part of a standard update that went out on July 23, 2024 .